I just spent the last two weeks deep in the trenches writing a compiler from scratch (Ark-Lang, ~21k LOC in Rust), and I wanted to do a writeup on the hardest architectural friction point I hit: embedding SOC-2 level cryptographic verification directly into the AST parsing phase.

Usually, compilers are black boxes. You feed them source, they spit out bytecode or WASM. I wanted the compiler to physically prove it did its job without external linters.

The Engineering Challenge:

I had to build a 5-phase pipeline where the AST is actually Merkle-hashed right after the Lexer/Parser finishes.

1. Lexing/Parsing

2. AST Merkle-root hashing

3. Linear Type Checking (tracking resource consumption to prevent double-spends)

4. Codegen (targeting a custom stack VM and native WASM)

5. Minting the HMAC-signed ProofBundle.

The absolute nightmare here was keeping the linear type checker synchronized with the WASM memory offsets while ensuring the AST hash didn't mutate during optimization passes. I basically had to freeze the AST state, hash it, and then pass an immutable reference to the linear checker (`checker.rs`).

Writing the WASM codegen by hand at 4 AM was probably a mistake, but it compiles cleanly now.

Has anyone else experimented with generating cryptographic receipts at the compiler level? Curious how other people handle AST freezing during multi-pass optimization.